Introduction

You connect Threat Intelligence Indicators to the Microsoft Sentinel workspace using the provided data connectors.

You're a Security Operations Analyst working at a company that implemented Microsoft Sentinel. Your company has subscriptions to threat intelligence platform services that provide known malicious indicators for use in your detection rules.

You need to configure Microsoft Sentinel to import the indicators from these services automatically. The first service uses a TAXII server to allow indicators to be pulled. You configure the TAXII data connector to pull indicators from the service.

The next service provider doesn't use a TAXII server, but has created push integration capabilities to Microsoft Sentinel. You follow the instructions to configure the Threat Intelligence Platform connector. Now that indicators are flowing through the connectors into Microsoft Sentinel, the SecOps teams can use the indicators as part of their detection queries.

By the end of this module, you'll be able to connect Threat Intelligence Indicators to the Microsoft Sentinel workspace using the provided data connectors.

After completing this module, you'll be able to:

  • Configure the TAXII connector in Microsoft Sentinel
  • Configure the Threat Intelligence Platform connector in Microsoft Sentinel
  • View threat indicators in Microsoft Sentinel

Prerequisites

Basic experience with Azure services